(Before you start, if you are stuck in the loop, disconnect your internet connection first, so that the offending page can’t load)

1. Open Firefox and in the address bar type “about:config” without the quotation marks (notice the colon between “about” and “config”)
2. In the search field, type “sessionstore” and navigate down to browser.sessionstore.resumte_from_crash
3. Double click the line to change the value from default setting of “true” to “false”

1. Create a new folder on your desktop (or anywhere really) and rename it to:

xxxxxxxx.{ED7BA470-8E54-465E-825C-99712043E01C}

where xxxxxxxx is any name you chose.

2. Open the folder and you’ll see a vast range of options ranging from Administrative Tools to desktop gadgets and appearance:

1.  Launch Acrobat Reader
2.  From the menu, select Edit, Preferences
3.  Click on the Javascript category

4.  Uncheck “Enable Acrobat Javascript”

5.  While you are in Acrobat, you might as well check to make sure you are running the latest version by checking for updates/patches:

Below I have listed the data centers and co-location companies that we have worked with and/or are aware of. Please keep in mind that this is not an endorsement of any of these establishments – just a quick reference list if you are looking for a high-availability site to house your server(s). Some of these firms offer a full range of services including managed servers, VPS (virtual private server), as well as full rack, half-rack and no-rack solutions. Most will ask for annual contracts, but some offer pay-as-you-go service as well:

ATT – ATT’s data center (IDC) is in Irvine (near Jamboree and Kelvin). They have probably the most advanced data center in OC. This center has two giant diesel backup generators and state-of-the-art facilities including redundant OC3 backbone, fire control and security system. We have had clients in this facility and are pretty satisfied with their service. Their rates are higher than most ($2,000+ for a full rack). Before AT&T took over from PacBell a couple of years ago, this center used to have a user-accessible and user-friendly NOC (network operations center), so if you wanted someone to reboot your server remotely, they would do it for you, but now they really don’t have engineers on-site that you can call on. Their support center is somewhere in Texas, so when you call support you are not talking to someone on site. We have had spotty experience with their support level. Security is very good. Access is available 24×7 by pre-approved security badges only. Their building is earthquake rated to 8.5 and I think they have enough fuel to power the facility up to two weeks in the event of a power outage.

Overall, we think this is a very good facility.  Phone:  n/a (email only via their website)

Latisys (formerly Intelenet) – This facility is on Von Karman near Alton in Irvine, and we have a couple of clients co-locating their servers here. They occupy the left half of the structure (the right half is owned by an adult sites company). Their facilities are fairly modern. Again, you need security badges for access and you can get in 24×7. The racks and cages are not as modern as ATT’s. For example instead of a swiping you badge to access your rack, the racks have gym locker style locks. Their prices are considerable cheaper than ATT’s. A full rack costs $1,000/mo. or thereabout, plus $50/MB., however they also have bandwidth usage charge that can add up very quickly. As far as I know they have only one diesel backup generator.

They do have an on-site NOC, very good service and support engineers and they will help you with anything from setting up your firewall to rebooting servers at no extra charge.

Overall a very good facility.  Phone:  866-956-9594

Millennium – This facility is also in Irvine (Irvine Center Drive and Scientific). They are a local company and offer very good service. Prices are very reasonable as well. Their 1/2 cabinet storage for about $500/mo. gives you 100MB of bandwidth and 100GB of bandwidth usage cap per month, which is a pretty good deal. They are only open 6AM to 6PM, so if you need to get to your server after hours or on a weekend, you need to call them for someone to meet you there and let you in.  Phone:  (949) 252-8772

Hosting.com – This is a frugal facility near Barranca and Culver in Irvine. A 1/2 rack costs $400/mo., plus $70/MB with no usage cap.  Phone  888-894-4678

Dynamic data center – This place is in Aliso Viejo. We don’t have direct experience working with them.  Phones:  949-215-1200, 800-822-2742

Castle Access – This place is in San Diego, but I thought I mention it for folks in South Orange County.  Phone:  858-836-0200

NDC Host – This company is in San Clemente.  They offer generic hosting, VPS, application hosting, and co-location.  Phones:  888-294-8649, 949-388-8169

Simra Hosting – This is a smaller facility in Fullerton, CA, and their prices are very reasonable.  Phone:  (714)660-6050

OCO (Orange County Online) – This place is in Newport Beach and they offer colo services, hosting and web and graphics design (humm….OK, multi-tasking, I guess).  Phone/Fax: (888) 626-6546

MegaPath – We’ve been told this place on Alton in Costa Mesa apparently offers hosting and co-location, however we could not find any reference to those services on their website.  You might want to call and check. Phone: 877-634-2728

Telekenex – We have very little info on this facility.  Apparently located on Dyer Rd in Santa Ana.  Phone:  714-450-7114

[update 2009-11-24] I was given a tour of Telekenex / OCiX (Orange County Internet Exchange) last week and now have a much better understanding of their facility.  They have a 300,000+ s.f. state-of-the-art facility located on Dyer Rd. in Santa Ana.  This is the same building that used to house the GT Bicycles manufacturing up until a few years ago.  They have a manned NOC, conference room (which is also used by Dell or give regular presentations on their server technologies), plenty of parking and 24×7 access via security badges.  The facilities and the equipment I saw all seemed practically brand new, so that was a good sign.  Besides a well designed power distribution system within the building, they have dual power trucks coming from Irvine and Tustin, UPS system and diesel generator which I was told can run at full load for 6 days without refueling.  Data trunks come from Downtown LA and San Diego and they have a redundant out-of-state NOC.  The facility is very easy to access, just a few blocks from the 55 Fwy.  Besides hosting and colocation, OCiX also provides a host of other services including VOIP hosting, SIP trunking and online backup and disaster recovery.  They also host the Verizon wireless backbone which is a good indication that they are here to stay for the long run.  Overall, I was very impressed with their setup and from what I gather, they have a lot of unused capacity and are eager to have new clients.  I spoke with Robert McGee (Senior Business Continuity Consultant) and Michael Kaspar (Director of Regional Sales) and they said the cost of a full rack including bandwidth would run about $1,000/mo., which if true, would be very good pricing in my opinion, so I would say this would be a very attractive alternative to the big players here in Orange County, i.e. AT&T and Latisys, so give them a try.

Outside Orange County

CalPOP – This company is in LA on Wilshire Blvd. in a multi-story building along with several other hosts and datacenters.  Their prices are very competitive. E.g. a 1/2 rack costs $499/mo. and includes 15MB of bandwidth and no usage caps.  Phone:  (213) 627-1937

Innotech – This company is in or near Corona, but they don’t publish their location or details of facilities.  Phones:  925-218-2020, 951-340-2247

Other Resources

Data Center Map – This website gives you a graphical map of all the data centers that it knows about in a nice Google Map format.

Did we miss any? If so, drop us a line and we’ll add it to the list above.

But today I got a call from a new client who, on the advice of, not one, but two other network admins had purchased a Fortinet FWF-80CM which is an entry level firewall with wireless and VPN capabilities.  He needs  some help setting it up to work with a Toshiba VOIP system with the SIP server on the trust side and the IP phones remote.  OK, so I’m thinking how hard can it be, right?  After all I’ve done the same thing dozens of times on Junipers and SonicWalls.  All you have to do it forward the VOIP ports or put the Toshiba in the DMZ zone, right?  Wrong.  I tried both methods to no avail, so ended up calling Fortinet support.

First of all the guy on the other end sound like a high school dropout with a tendency to utter unfinished sentences. OK, no problem I can work with that.  I give all the relevant info like what I’m trying to accomplish, the environment, serial number, the works.  So he puts me on hold, comes back in 5 and gives me a ticket number and says someone will call me back in the next couple of days.  What the heck?  Next two days?  I ask him is this some kind of low 2nd tier support or do we need to pay more to talk to someone live (as in NOW).  His answer is “nope” this is the normal routine, i.e. there is no level of support I can possibly purchase to get live support for the kind of problem I was having.   I could not believe my ears.  This is a firewall manufacturer and they have no live support?  Are you kidding me?  What if this was a production unit and the entire company was offline?  What if this was a million-dollar-a-day company and we needed support NOW not four days from now?  Today being a Thursday and knowing they don’t have basic/standard support on weekends, I presume this could take as long as next Monday.  Furthermore they could not even give me a window when they would call.  So what am I support to do?  Go to the client site and just sit there the whole day to see when these guy feel like calling back?  You must be joking!

Contrast that with the kind of support you get from Juniper.  The support folks at Juniper are not only “god”s of networking as far as I’m concerned (and I’ve been eating, living and sleeping this stuff for 15 years) , but they are just fanatical about making sure they solve your problem.  If fact they will hunt you down with emails and follow up phone calls for days until they’re certain that whatever it is that you called about got resolved.  There is just no comparison.

I was just just floored by the nonchalant and careless attitude this company, Fortinet,  has toward customer support.  I’m really disappointed and am glad I never recommended their products to anyone.

After finishing the call, I looked at the client who was just an incredulous as I.  And my next statement was “You have to get rid of this ****.  You just can’t run a business this way”.

Bottom line, if you’re looking for a firewall, stay away from Fortinet.  That’s my recommendation and I’m sticking to it.

OK, back to this client. She has a successful company housed in an office in Irvine with about 10 user. Email and website are hosted elsewhere so the regular backup strategy is pretty straightforward and simple to set up and monitor. Put in a local NAS drive, set up scheduled nightly backups with Windows task scheduler and you’re done. Easy enough.

Now what do you do about off-site backups? This same client got broken into a few months ago and thieves took a laptop and a few other goodies, but thankfully they left the file server, the NAS drive, the switches, and other network components alone. So the urgency of doing offsite backups became woefully apparent. I have a couple of other clients using Mozy.com and I am happy with the results, although it does cost about a $1-2 per GB. So for this client the cost would be over $1,000 per year, which would be nice if we could mitigate. Furthermore, last time I had to restore file from Mozy, I had to call them and have them “prepare” a restore CD and FedEx it to us and that took about 3 days. I’m not too thrilled about that, although I like Mozy as a company and their software is pretty much fire and forget. Once you set it up right, it just works and it has nice features like bandwidth throttling and time of day scheduling and most importantly it runs as a Windows service not an executable, so you don’t have to stay logged on to the server or whatever machine is doing the backup.

So to make this short, the owner of this business lived near Irvine also and if you work in or around Central or South Orange County, you know that most residences as well as businesses have access to high-speed broadband (several times faster than a T1 in fact) on either DSL or cable/fiber. This client had 7.5MB download/1.5MB upload speeds at the office and roughly the same at her home. So what we ended up doing was set up two low-cost NetGear FVS114 VPN routers (which are less than $45 each on Ebay) one at the office and one at the owner’s residence and connected them them with a a site-to-site VPN tunnel. Then we purchased a Buffalo Terastation NAS drive (about $600), identical to the one already at the office and installed it at the owner’s residence.

Fig. 1: Site-to-Site VPN Network Diagram

For this client all the company accounting and user files reside on the NAS drive, which is configured with RAID 5 to protect against disk failures. There is no tape drive or tape library. Instead nightly and weekend backups are done from the NAS to the file server’s internal disk which is configured as a RAID 1 (mirroring). This configuration provides the added benefit that if the server were to crash, the users would still be able to access their files and get to the internet, so it would be more of a nuisance than a disaster.

Fig. 2: Netgear FVS114 Configuration

Fig 3: The two Terastations can see and communicate with each other

OK, back to the offsite backup. Once the site-to-site was set up, both NAS drives could see (ping, access, etc.) each other and the server could see them both. The Terastations have a nice backup and synchronization utility that allows you to back up one NAS to another automatically and this is what I enabled initially. BTW, Terastations run an embedded version of Linux inside so it has much more features than just a plain, dumb network disk drive, but you don’t have access to the OS, so the features and applications are not user tweakable. However it became evident that this was not going to work. First of all, the backup routine has no bandwidth throttling capability, so once you set it and kick start the service, it will hog the entire upload bandwidth and you’re going to have a lot of unhappy users. Secondly, there really isn’t any easy way to monitor the backup process to see if/when it failed and why. And the death nail to this approach was that, as far as I could tell, the backup was more of a synchronization – i.e. if files/folders were deleted from the office NAS, the deletions would propagate to the home NAS. Not good. What if a malicious user or a disgruntled employee got into your network and started deleting stuff and you didn’t find out about it until the next day? No, no no no. Bad. Very bad.

So to get around this I installed AllWaySync on the server and set up a “copy” operation from NAS1 to NAS2. This will create a mirror image on the home NAS. I set it to go off at night, every night, after the regular backup completes. I selected every night instead of Mon-Fri because many users log in via VPN and create files and make change from home or remote sites. I also made sure to select the “1-Way Left to Right” method and unchecked “Propagate Deletions” because you don’t want files either accidentally or intentionally deleted to also be deleted from the target NAS. This strategy has the added benefit that, let’s say ALL of the IT equipment in your office was lost, say a burglar broke in and took EVERYTHING but the kitchen sink. All that it would take to get back up and running is to bring the home NAS to the office, plug it into the network and voilà. The only tweaks you need to make is change the IP address and share drive mappings and you’re back in business. In minutes, not days. Of course this assumes your switch and cable modem/router were left alone, but if not, those are very easy to replace and can be easily found at local computer supply stores.

Fig. 4: AllWaySync Configuration

While we are going through this scenario, I can over-emphasize the importance of have an updated network topology diagram and inventory chart (stored off-site of course). For example in the above scenario, let’s say your cable modem was taken in the burglary. Even if you could replace it quickly, do you remember your public IP, logon account and password, DMZ or service or firewall settings? My guess would be that you wouldn’t and in a disaster recovery situation, that last thing you want to do is scramble to get information. So I highly recommend have a continually updated network diagram with all the IPs, accounts/passwords, screen caps, etc., and save it to a location where you can access it if all heck breaks loose. An of course password protect that file since you will have a lot of sensitive info.

Caveats

In configuring the site-to-site VPN, you may want to take some precaution in enabling the NetBIOS broadcasts since this will increase the volume of inter-site traffic, so if you have a relatively slow connection at either end, you may want to disable this in the VPN Policy screen. In the above example, bandwidth was not an issue and enabling NetBIOS allowed us to browse the remote network for drive mappings and other tasks.

Good luck with your disaster planning and offsite backups. Feel free to email me if you have questions about this setup.

While there is no method to completely eliminate spam from the workspace, very effective measures can be put in place to eliminate at least 99.9% of it In this article I shall discuss some of the common sense methods to avoid spam in the first place, as well as some of the business class spam- fighting strategies.

Steps to avoid spammers in the first place

• Don’t publish your email – This is common sense, but if your email is published on your web site, you are probably already receiving a lot of spam. The proper way to allow the public to contact you via your web site is to have a CGI mailform which allows the user to fill in their contact requests and it allows the server to turn that request into an email and send it to you without exposing your actual email on your web site

• Don’t use your email on sites you don’t trust – For example if there is a site offering a promotion or a free vacation, don’t use your regular business email. If you absolutely have to give out your email to untrusted sites, first create a public email on a free site such as GMail or yahoo and use that email instead.
• Don’t reply to spam – Many spammers will harvest your email by scouring the web and once they find you they will send out some spam. If you happen to respond to it, even if you complain or to ask not to be emailed again, then they know they have a valid email and will continue sending you spam. It is reasonable to assume that spammers have no scruples.
• Use Encrypted Emails Portals – If you are away from the office and are using your business email portal (e.g. Outlook Web Access) or a public email exchange, make sure you are on an encrypted channel. You can tell if you are on an encrypted channel by the small lock symbol at the bottom of your browser. If you don’t see the lock symbol on a page, don’t enter your email on that page. If you business email portal doesn’t have encryption (SSL) put one in place. Bear in mind that anything you type or send over an unencrypted channel (including emails and passwords) travels in plain text and can easily be intercepted and revealed, especially if you use a wireless connection.

Combating spam

• DNSBLs and RBLs – DNSBL (DNS black list) and RBL (Real-time blackhole list) are two extremely effective way of blocking spammers from getting to your email system. DNSBL and RBL refer to online databases of IP addresses of well-known spammers. These list are compiled by a community of dedicated professionals determined to reducing spam from the cyberspace. Examples of RBLs are SpamCop and Spamhaus. Most business class email server such as Microsoft Exchange can be configured to utilize DNSBLs and RBLs. Once configured, when an email comes into your system, the server first checks to see if it came from one of the IP addresses in the blacklist which you configured. If it did, then you server simply drop the communication with the foreign server and discards the email. This way you never even see the spam. Alternatively, the server can be configured to allow the spam through and mark the subject header with a something like “***SPAM***”. This makes it easy for the user to sort the good emails from suspected spam. Since many spammers use “zombie” computers propagate their emails, some RBL’s optionally include dynamic IP as these are most likely assigned to home users and not likely to be sources of legitimate emails. DNSBL and RBLs to your email server will eliminate more than 99%+ of spam and it costs little or nothing, so it should be your first step in corporate spam fighting strategy.
• Heuristic Algorithms – Spam fighting software such as SurfControl and SpamKiller use heuristic algorithms to assign a spam score to an incoming email. Based what threshold you set, the email will get routed to your Inbox, Suspected Emails or Junk Mail. This approach, while effective, cannot be configured by the user because the formulas used to determine the spam scores are typically considered trade secrets and the user can only configure what the threshold should be, so if this is the only method being used, there can be a lot of false positives, i.e. email that is legitimate, but is being blocked.
• White Lists & Black Lists – A feature available in many systems is the concepts of white listing 9always allowing) and black listing (never allowing) a particular sender or domain. While the idea made sense in the old days of the internet, this concept no longer has merit in today’s web space since spammers almost never use the same email twice to send out spam. The one exception is this: Whitelists are useful in cases where legitimate senders keep getting blocked by your spam filter. This tells your software to that you trust this sender and to always allow mail coming from them to get through.
• Anti-Spam Hardware Appliance – Vendors such as Cisco and SonicWall make very effective products that are typically built into a firewall or a router and perform content filtering at the border or gateway into your network which is typically your firewall. This approach works really well because it eliminates the guesswork by filtering out spam (and usually viruses and malware) before it enters your network, specifically your servers.
• 3rd-party Spam Filtering – Whether you house your own email server in house or have a service provider host you email for you, one effective strategy is to have a 3rd party such as McAfee receive your emails first, scrub them from spam and viruses and then send them to you. This is a cost effective method and works really well in small environments (10 – 20 employees)
• Desktop Spam Filtering – The lowest cost method of fighting spam (and viruses) is to have a desktop spam filter such as the Kaspersky Internet Security which monitors and flags or deleted content deemed to be spam or inappropriate for business. This approach work for small companies that don’t have their own email sever and rely on a host provider. The shortcoming of this approach are these: a) the spam has to received and downloaded to your desktop and your email client, e.g. Outlook, before the software can recognize it as spam. This takes up bandwidth and it slows down the user’s PC, and b) the software determines what should be considered spam and what shouldn’t. Typically, there is no user configurable option or set of parameters to control what and how the the software determines what is spam and what isn’t.
• Other Methods – Some smaller organizations use GMail Small Business Email System to send and receive all the business emails. GMail uses Postini which is a very effective spam filter and it costs little or nothing depending on the level of service and number of email accounts you have. This method works by changing your MX record of your domain and pointing it to GMail instead of your domain. Gmail then received any email sent you “yourdomain.com” and does the scrubbing for you. Your server or workstations then retrieve the cleaned up mail and the reverse happens when users send out emails. This approach works well for smaller organizations and is costs effective

One of the most common mistakes businesses, as well as individuals make is putting a backup system (e.g. tape or removable drives) in place and never testing to see if what is being backed up can be readily and reliably restored. Much like your insurance policy or the spare battery in your smoke alarm, if you don’t test the validity of your backup, by the time you find out you need it, it would be too late. In this article we will discuss some of the common techniques and best practices used by businesses today.

Backup Medium

• Tape – Although an aging technology which has changed little in the past three decades, backup to tape media is still the most common form used today. Tape has the advantage of long shelf life (2 – 4 yrs.), low cost and simple operation. Vendors such as IBM and Dell make tape solutions capable of backing up up to 1TB or more per tape and practically limitless size for tape libraries. Two of the major disadvantages of using tape are a) high cost of tape drives and tape libraries and b) Slow backup and restore times.

• Disk – Backing up to a disk or more likely a disk array, has become very popular in recent years, primarily because of the declining price of disk drives and the speed of backups and restores.
• Removable Media – Many small business use removable disk drives such as iOmega to back up their critical files. the major shortcoming of the method is the limited space typically offered by such media and the fact that it is a manual process and requires discipline to do it consistently.
• On-Line – Many business and individuals are turning to on-line backup services such as Mozy and HP. The greatest advantage of this method is physical separation (discussed below). However to be done properly and reliably, at a minimum you need to have T-1 connection speeds and the backup needs to carefully configured to not overwhelm the bandwidth (which it shares will all the users). Most on-line backup service providers charge on a per-Gigabyte basis. In other words, the more data you have to back up the more you pay. In recent years Amazon and iDrive have come up with relatively low cost or free solutions, however these services are primarily targeted to individual users, not businesses, as they are either limited in the size of backup allowed, or are not compatible to be run on servers where business data usually resides.

Rotation Strategies

• Grand Father, Father, Son – This is the most common strategy used to rotate tapes or “hives”. In this strategy you label tapes for daily, weekly and monthly rotation and as you go though one set of daily tapes (sons), you graduate the last tape to the weekly (father) status and so forth. Some users make a single full backup, e.g. on Mondays and incremental or differential backup on subsequent days. That is not a wise strategy because if something were to have to your full backup tape, you would have no way of recovering most of your files. Tip: Use disk-based backups for daily runs and use tape for end of week.
• Daily Rotation – In this method five or more tapes are used, one for each day of the week and rotated each week. This not a cost-effective or efficient method
• Continuous Backup – First introduced by Veritas Backup Exec, continuous backup is exactly what is sounds like. In other words, the software monitors files and other data on the servers and whenever it sees a change, it backs it up and creates “snapshot” of the file at that point in time. So let’s say you are working on a spreadsheet and you save it ten times during the day as you modify it. With continuous backup, you could conceivable go back to each of the ten versions and recover that specific version when and if you need it.

Physical Security

Many businesses host or house their critical servers and backup system at a data center. This is a prudent strategy as most data centers have a array of redundancies such as uninterruptible power supplies (UPS), structural and access security and redundant internet connections. However just because your servers are in a secure location doesn’t mean you can neglect the other aspects of a backup strategy. After all if you had an un-authorized access to your servers and some data was lost or corrupted, the physical security of the data center will be of little help. Furthermore, living in an earthquake prone state here in California, it is not inconceivable that even a mild earthquake might render your server and your backups inaccessible, at least temporarily. So having a robust rotation strategy and “pulling” tapes is still necessary even if your server are safe. The idea of pulling tapes is to create a physical separation between where your data resides and there the backup tapes or disks are stored.

Another factor to consider is this. Let’s say you have been pulling and saving your tapes religiously and all of a sudden your servers were lost in a fire. Even if you have the backup tapes, do you have the tape drives and the software to recover the data on those tapes? The answer is simple. You need to have a method to quickly recover your data. This could be as simple as having a spare tape drive at home or an online “life-line”. Keep in mind that most online backup services do not guarantee how quickly you can access and restore your files, especially if you have a large volume of files or databases. For example in the case of Mozy.com, your request to burn a 20GB database to or a DVD or tape and send it to you will take several days.

Business Objective

In almost any type of business today, the goal of continuity of business relies on the availability and quick recovery in case of a disaster, of the critical files and databases needed to run the business. This includes your MS Office files, your emails, your SQL databases that might store everything from your customer data to you accounting system. Backing up of data is, or should be, only part of the overall disaster recovery plan. Most businesses who are genuinely committed to this principle have at least two backup methodologies. For example, the primary backup may be done to a disk array on a continuous or nightly basis and second on-line backup provides a “life-line” in case something were to happen to the servers and data storage arrays. To further safeguard the process, a tape (or whatever medium is used) is pulled and stored off-site at least once a week. The idea is to never have less backup sources than you can afford to lose. If you can afford to lose up to one week of files and updates without it affecting your business, then pulling one tape a week will probably be adequate. If you have a 24×7 business and your customers rely on your web and database server to be up all the time, then you probably need to implement a more robust disaster recovery plan.

Common sense steps to avoid computer viruses

• Create a non-admin user account – As a corporate network administrator, I generally do not give administrative privileges to users. What this means is that the employee or user can use their computer most if not all common tasks such as creating and saving Office documents, using email, browsing the internet, etc. However they cannot install any software. Since most viruses these days come from the web, if the user does not have the ability to install any new software, then nor does any computer virus which may try to sneak in while he/she is doing the browsing. If you are a home user or have a PC or laptop at home, I recommend creating a non-admin user on your local PC and use that account for all you activities. If you even need to perform some functions that require administrative privileges, such as installing new software, you can always log in as an administrator, perform those functions and re login as the your regular non-admin account.

• Don’t use your email on sites you don’t trust – For example if there is a site offering a promotion or a free vacation, don’t use your regular business email. If you absolutely have to give out your email to untrusted sites, first create a public email on a free site such as GMail or yahoo and use that email instead.

• Don’t reply to spam – Many spammers will harvest your email by scouring the web and once they find you they will send out some spam. If you happen to respond to it, even if you complain or to ask not to be emailed again, then they know they have a valid email and will continue sending you spam. It is reasonable to assume that spammers have no scruples.

• Use Encrypted Emails Portals – If you are away from the office and are using your business email portal (e.g. Outlook Web Access) or a public email exchange, make sure you are on an encrypted channel. You can tell if you are on an encrypted channel by the small lock symbol at the bottom of your browser. If you don’t see the lock symbol on a page, don’t enter your email on that page. If you business email portal doesn’t have encryption (SSL) put one in place. Bear in mind that anything you type or send over an unencrypted channel (including emails and passwords) travels in plain text and can easily be intercepted and revealed, especially if you use a wireless connection.

Software solutions

Every business should be running some sort of anti-virus software without exception. The consequences and risk of having your PCs, laptops and servers get wiped out is unimaginable. There are several approaches to anti-virus functions and I will discuss the pros and cons of each.

• Server Based Anti-Virus – This is the most common approach to installing and deploying anti-virus software in corporate environments today. Typically this approach involves installing the software on one or more servers and deploying the “client” application to individual workstations and laptops. The server portion of the software usually scans and filters out both email-based viruses and those found embedded in files on the server, so there are two layers of filtering being done by the time a file or an email is accesses by a user, however since both filtering is being done by essentially the same software from the same vendor, chances are that if a brand new virus come through to your system, and the server misses it or doesn’t recognize it as a threat, the “client” will miss it too. Therefore one school of thought suggest using server software from one vendor and desktop software from another. I happen to agree with that philosophy.

• Client-Based Anti-Virus – Products such as Kaspersky Internet Security offer very good albeit not 100% protection against viruses. The key factor in keeping the product do what it is designed to do is to update it regularly. Most desktop products including Kaspersky and McAfee have a built-in automatic update feature, however this needs to monitored regularly to make sure it it functioning. The update process can be interrupted for a variety of reasons such as firewalls or product registration issues, and if not carefully monitored, may leave the user with a false sense of security. I recommend checking the update status at least once a week.

• Anti-Virus Hardware (Appliance) – Many vendors such as Cisco and SonicWall make very effective products that are typically built into a firewall or a router and perform content filtering at the border or gateway into your network which is typically your firewall. This approach works really well because it eliminates the guesswork by filtering out spam (and usually viruses and malware) before it enters your network, specifically your servers.